You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2011/07/23 19:29:44 UTC
svn commit: r1150172 - in /httpd/httpd/branches/revert-ap-ldap: ./ build/
docs/ include/ modules/aaa/ modules/ldap/
Author: sf
Date: Sat Jul 23 17:29:42 2011
New Revision: 1150172
URL: http://svn.apache.org/viewvc?rev=1150172&view=rev
Log:
Revert r1129808:
Incorporate the ap_ldap incomplete API, as there is no interest or effort
at APR to make this a complete abstraction, and it was voted 'off the island'
with APR 2.0. This will allow httpd 2.3 to build against either apr-2.0
or apr+util 1.x.
This also reverts part of r1142938, which needs to be re-done.
Removed:
httpd/httpd/branches/revert-ap-ldap/build/find_ldap.m4
httpd/httpd/branches/revert-ap-ldap/include/ap_ldap.h.in
httpd/httpd/branches/revert-ap-ldap/include/ap_ldap.hnw
httpd/httpd/branches/revert-ap-ldap/include/ap_ldap.hw
httpd/httpd/branches/revert-ap-ldap/include/ap_ldap_init.h
httpd/httpd/branches/revert-ap-ldap/include/ap_ldap_option.h
httpd/httpd/branches/revert-ap-ldap/include/ap_ldap_rebind.h
httpd/httpd/branches/revert-ap-ldap/include/ap_ldap_url.h
httpd/httpd/branches/revert-ap-ldap/modules/ldap/ap_ldap_init.c
httpd/httpd/branches/revert-ap-ldap/modules/ldap/ap_ldap_option.c
httpd/httpd/branches/revert-ap-ldap/modules/ldap/ap_ldap_rebind.c
httpd/httpd/branches/revert-ap-ldap/modules/ldap/ap_ldap_url.c
Modified:
httpd/httpd/branches/revert-ap-ldap/README
httpd/httpd/branches/revert-ap-ldap/configure.in
httpd/httpd/branches/revert-ap-ldap/docs/doxygen.conf
httpd/httpd/branches/revert-ap-ldap/include/util_ldap.h
httpd/httpd/branches/revert-ap-ldap/modules/aaa/config.m4
httpd/httpd/branches/revert-ap-ldap/modules/aaa/mod_authnz_ldap.c
httpd/httpd/branches/revert-ap-ldap/modules/ldap/config.m4
httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap.c
httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache.c
httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache.h
httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache_mgr.c
Modified: httpd/httpd/branches/revert-ap-ldap/README
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/revert-ap-ldap/README?rev=1150172&r1=1150171&r2=1150172&view=diff
==============================================================================
--- httpd/httpd/branches/revert-ap-ldap/README (original)
+++ httpd/httpd/branches/revert-ap-ldap/README Sat Jul 23 17:29:42 2011
@@ -76,11 +76,6 @@
OpenSSL or the operating system's platform-specific SSL facilities.
Apache httpd currently does not use that apr-util interface.
- modules/ldap/ provides an abstract interface for SSL encrypted LDAP
- (ldaps and STARTTLS style) connections, implemented with OpenLDAP,
- Netscape LDAP SDK, Mozilla LDAP SDK, or other platform specific ldap
- interfaces.
-
Some object code distributions of Apache httpd, indicated with the
word "crypto" in the package name, may include object code for the
OpenSSL encryption library as distributed in open source form from
Modified: httpd/httpd/branches/revert-ap-ldap/configure.in
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/revert-ap-ldap/configure.in?rev=1150172&r1=1150171&r2=1150172&view=diff
==============================================================================
--- httpd/httpd/branches/revert-ap-ldap/configure.in (original)
+++ httpd/httpd/branches/revert-ap-ldap/configure.in Sat Jul 23 17:29:42 2011
@@ -16,7 +16,6 @@ dnl #
sinclude(build/apr_common.m4)
sinclude(build/find_apr.m4)
sinclude(build/find_apu.m4)
-sinclude(build/find_ldap.m4)
sinclude(acinclude.m4)
dnl Later versions of autoconf (>= 2.62) by default cause the produced
Modified: httpd/httpd/branches/revert-ap-ldap/docs/doxygen.conf
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/revert-ap-ldap/docs/doxygen.conf?rev=1150172&r1=1150171&r2=1150172&view=diff
==============================================================================
--- httpd/httpd/branches/revert-ap-ldap/docs/doxygen.conf (original)
+++ httpd/httpd/branches/revert-ap-ldap/docs/doxygen.conf Sat Jul 23 17:29:42 2011
@@ -51,13 +51,12 @@ PREDEFINED="APR_DECLARE(x)=x" \
APR_HAS_USER \
APR_HAS_LARGE_FILES \
APR_HAS_XTHREAD_FILES \
- DOXYGEN \
- APU_DECLARE_DATA \
- __pre_nw__ \
+ DOXYGEN= \
+ APU_DECLARE_DATA= \
+ __pre_nw__= \
"APU_DECLARE(x)=x" \
"CACHE_DECLARE(x)=x" \
- "PROXY_DECLARE(x)=x" \
- "MODLDAP_DECLARE(x)=x"
+ "PROXY_DECLARE(x)=x"
OPTIMIZE_OUTPUT_FOR_C=YES
Modified: httpd/httpd/branches/revert-ap-ldap/include/util_ldap.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/revert-ap-ldap/include/util_ldap.h?rev=1150172&r1=1150171&r2=1150172&view=diff
==============================================================================
--- httpd/httpd/branches/revert-ap-ldap/include/util_ldap.h (original)
+++ httpd/httpd/branches/revert-ap-ldap/include/util_ldap.h Sat Jul 23 17:29:42 2011
@@ -28,10 +28,10 @@
#include "apr_thread_rwlock.h"
#include "apr_tables.h"
#include "apr_time.h"
-#include "ap_ldap.h"
-#include "ap_ldap_rebind.h"
+#include "apr_ldap.h"
+#include "apr_ldap_rebind.h"
-#if AP_HAS_MICROSOFT_LDAPSDK
+#if APR_HAS_MICROSOFT_LDAPSDK
#define AP_LDAP_IS_SERVER_DOWN(s) ((s) == LDAP_SERVER_DOWN \
||(s) == LDAP_UNAVAILABLE)
#else
@@ -44,7 +44,7 @@
#endif
/* this whole thing disappears if LDAP is not enabled */
-#if AP_HAS_LDAP
+#if APR_HAS_LDAP
/* Apache header files */
#include "ap_config.h"
@@ -194,7 +194,7 @@ APR_DECLARE_OPTIONAL_FN(int,uldap_connec
* that was connected.
* @tip This function unbinds from the LDAP server, and clears ldc->ldap.
* It is possible to rebind to this server again using the same ldc
- * structure, using ap_ldap_open_connection().
+ * structure, using apr_ldap_open_connection().
* @fn util_ldap_close_connection(util_ldap_connection_t *ldc)
*/
APR_DECLARE_OPTIONAL_FN(void,uldap_connection_close,(util_ldap_connection_t *ldc));
@@ -222,7 +222,7 @@ APR_DECLARE_OPTIONAL_FN(apr_status_t,uld
* @tip Once a connection is found and returned, a lock will be acquired to
* lock that particular connection, so that another thread does not try and
* use this connection while it is busy. Once you are finished with a connection,
- * ap_ldap_connection_close() must be called to release this connection.
+ * apr_ldap_connection_close() must be called to release this connection.
* @fn util_ldap_connection_t *util_ldap_connection_find(request_rec *r, const char *host, int port,
* const char *binddn, const char *bindpw, deref_options deref,
* int netscapessl, int starttls)
@@ -351,7 +351,7 @@ APR_DECLARE_OPTIONAL_FN(int,uldap_cache_
*/
APR_DECLARE_OPTIONAL_FN(int,uldap_ssl_supported,(request_rec *r));
-/* from ap_ldap_cache.c */
+/* from apr_ldap_cache.c */
/**
* Init the LDAP cache
@@ -366,7 +366,7 @@ APR_DECLARE_OPTIONAL_FN(int,uldap_ssl_su
*/
apr_status_t util_ldap_cache_init(apr_pool_t *pool, util_ldap_state_t *st);
-/* from ap_ldap_cache_mgr.c */
+/* from apr_ldap_cache_mgr.c */
/**
* Display formatted stats for cache
@@ -379,5 +379,5 @@ char *util_ald_cache_display(request_rec
#ifdef __cplusplus
}
#endif
-#endif /* AP_HAS_LDAP */
+#endif /* APR_HAS_LDAP */
#endif /* UTIL_LDAP_H */
Modified: httpd/httpd/branches/revert-ap-ldap/modules/aaa/config.m4
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/revert-ap-ldap/modules/aaa/config.m4?rev=1150172&r1=1150171&r2=1150172&view=diff
==============================================================================
--- httpd/httpd/branches/revert-ap-ldap/modules/aaa/config.m4 (original)
+++ httpd/httpd/branches/revert-ap-ldap/modules/aaa/config.m4 Sat Jul 23 17:29:42 2011
@@ -39,12 +39,11 @@ APACHE_MODULE(authz_core, core authoriza
dnl LDAP authentication module. This module has both the authn and authz
dnl modules in one, so as to share the LDAP server config directives.
-dnl XXX FIXME
APACHE_MODULE(authnz_ldap, LDAP based authentication, , , no, [
if test -z "$apu_config" ; then
- APR_ADDTO(MOD_AUTHNZ_LDAP_LDADD, [$LDADD_ldap])
+ MOD_AUTHNZ_LDAP_LDADD="`$apr_config --ldap-libs`"
else
- APR_ADDTO(MOD_AUTHNZ_LDAP_LDADD, [$LDADD_ldap])
+ MOD_AUTHNZ_LDAP_LDADD="`$apu_config --ldap-libs`"
fi
AC_SUBST(MOD_AUTHNZ_LDAP_LDADD)
])
Modified: httpd/httpd/branches/revert-ap-ldap/modules/aaa/mod_authnz_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/revert-ap-ldap/modules/aaa/mod_authnz_ldap.c?rev=1150172&r1=1150171&r2=1150172&view=diff
==============================================================================
--- httpd/httpd/branches/revert-ap-ldap/modules/aaa/mod_authnz_ldap.c (original)
+++ httpd/httpd/branches/revert-ap-ldap/modules/aaa/mod_authnz_ldap.c Sat Jul 23 17:29:42 2011
@@ -34,8 +34,8 @@
#include <ctype.h>
-#if !AP_HAS_LDAP
-#error mod_authnz_ldap requires LDAP support. To fix add --with-ldap to ./configure.
+#if !APR_HAS_LDAP
+#error mod_authnz_ldap requires APR-util to have LDAP support built in. To fix add --with-ldap to ./configure.
#endif
static char *default_attributes[3] = { "member", "uniqueMember", NULL };
@@ -256,7 +256,7 @@ static void authn_ldap_build_filter(char
* LDAP filter metachars are escaped.
*/
filtbuf_end = filtbuf + FILTER_LENGTH - 1;
-#if AP_HAS_MICROSOFT_LDAPSDK
+#if APR_HAS_MICROSOFT_LDAPSDK
for (p = user, q=filtbuf + strlen(filtbuf);
*p && q < filtbuf_end; ) {
if (strchr("*()\\", *p) != NULL) {
@@ -1333,12 +1333,12 @@ static const char *mod_auth_ldap_parse_u
const char *mode)
{
int rc;
- ap_ldap_url_desc_t *urld;
- ap_ldap_err_t *result;
+ apr_ldap_url_desc_t *urld;
+ apr_ldap_err_t *result;
authn_ldap_config_t *sec = config;
- rc = ap_ldap_url_parse(cmd->pool, url, &(urld), &(result));
+ rc = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result));
if (rc != APR_SUCCESS) {
return result->reason;
}
@@ -1391,13 +1391,13 @@ static const char *mod_auth_ldap_parse_u
if (mode) {
if (0 == strcasecmp("NONE", mode)) {
- sec->secure = AP_LDAP_NONE;
+ sec->secure = APR_LDAP_NONE;
}
else if (0 == strcasecmp("SSL", mode)) {
- sec->secure = AP_LDAP_SSL;
+ sec->secure = APR_LDAP_SSL;
}
else if (0 == strcasecmp("TLS", mode) || 0 == strcasecmp("STARTTLS", mode)) {
- sec->secure = AP_LDAP_STARTTLS;
+ sec->secure = APR_LDAP_STARTTLS;
}
else {
return "Invalid LDAP connection mode setting: must be one of NONE, "
@@ -1409,7 +1409,7 @@ static const char *mod_auth_ldap_parse_u
*/
if (strncasecmp(url, "ldaps", 5) == 0)
{
- sec->secure = AP_LDAP_SSL;
+ sec->secure = APR_LDAP_SSL;
sec->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
}
else
@@ -1431,7 +1431,7 @@ static const char *mod_auth_ldap_parse_u
urld->lud_scope == LDAP_SCOPE_BASE? "base" :
urld->lud_scope == LDAP_SCOPE_ONELEVEL? "onelevel" : "unknown"),
urld->lud_filter,
- sec->secure == AP_LDAP_SSL ? "using SSL": "not using SSL"
+ sec->secure == APR_LDAP_SSL ? "using SSL": "not using SSL"
);
return NULL;
Modified: httpd/httpd/branches/revert-ap-ldap/modules/ldap/config.m4
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/revert-ap-ldap/modules/ldap/config.m4?rev=1150172&r1=1150171&r2=1150172&view=diff
==============================================================================
--- httpd/httpd/branches/revert-ap-ldap/modules/ldap/config.m4 (original)
+++ httpd/httpd/branches/revert-ap-ldap/modules/ldap/config.m4 Sat Jul 23 17:29:42 2011
@@ -3,22 +3,12 @@ dnl APACHE_MODULE(name, helptext[, objec
APACHE_MODPATH_INIT(ldap)
-ldap_objects="dnl
-util_ldap.lo dnl
-util_ldap_cache.lo dnl
-util_ldap_cache_mgr.lo dnl
-ap_ldap_init.lo dnl
-ap_ldap_option.lo dnl
-ap_ldap_rebind.lo dnl
-ap_ldap_url.lo dnl
-"
-
+ldap_objects="util_ldap.lo util_ldap_cache.lo util_ldap_cache_mgr.lo"
APACHE_MODULE(ldap, LDAP caching and connection pooling services, $ldap_objects, , no, [
- AP_FIND_LDAP
if test -z "$apu_config" ; then
- APR_ADDTO(MOD_LDAP_LDADD, [$LDADD_ldap])
+ MOD_LDAP_LDADD="`$apr_config --ldap-libs`"
else
- APR_ADDTO(MOD_LDAP_LDADD, [$LDADD_ldap])
+ MOD_LDAP_LDADD="`$apu_config --ldap-libs`"
fi
AC_SUBST(MOD_LDAP_LDADD)
])
Modified: httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap.c?rev=1150172&r1=1150171&r2=1150172&view=diff
==============================================================================
--- httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap.c Sat Jul 23 17:29:42 2011
@@ -38,8 +38,17 @@
#include <unistd.h>
#endif
-#if !AP_HAS_LDAP
-#error mod_ldap requires httpd to detect LDAP support
+#if !APR_HAS_LDAP
+#error mod_ldap requires APR-util to have LDAP support built in
+#endif
+
+/* Default define for ldap functions that need a SIZELIMIT but
+ * do not have the define
+ * XXX This should be removed once a supporting #define is
+ * released through APR-Util.
+ */
+#ifndef APR_LDAP_SIZELIMIT
+#define APR_LDAP_SIZELIMIT -1
#endif
#ifdef LDAP_OPT_DEBUG_LEVEL
@@ -172,7 +181,7 @@ static apr_status_t uldap_connection_unb
/* forget the rebind info for this conn */
if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
- ap_ldap_rebind_remove(ldc->ldap);
+ apr_ldap_rebind_remove(ldc->ldap);
apr_pool_clear(ldc->rebind_pool);
}
}
@@ -242,7 +251,7 @@ static int uldap_connection_init(request
{
int rc = 0, ldap_option = 0;
int version = LDAP_VERSION3;
- ap_ldap_err_t *result = NULL;
+ apr_ldap_err_t *result = NULL;
#ifdef LDAP_OPT_NETWORK_TIMEOUT
struct timeval connectionTimeout = {10,0}; /* 10 second connection timeout */
#endif
@@ -256,10 +265,10 @@ static int uldap_connection_init(request
* some hosts with ports and some without. All hosts which do not
* specify a port will use the default port.
*/
- ap_ldap_init(r->pool, &(ldc->ldap),
+ apr_ldap_init(r->pool, &(ldc->ldap),
ldc->host,
- AP_LDAP_SSL == ldc->secure ? LDAPS_PORT : LDAP_PORT,
- AP_LDAP_NONE,
+ APR_LDAP_SSL == ldc->secure ? LDAPS_PORT : LDAP_PORT,
+ APR_LDAP_NONE,
&(result));
if (NULL == result) {
@@ -291,7 +300,7 @@ static int uldap_connection_init(request
if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
/* Now that we have an ldap struct, add it to the referral list for rebinds. */
- rc = ap_ldap_rebind_add(ldc->rebind_pool, ldc->ldap, ldc->binddn, ldc->bindpw);
+ rc = apr_ldap_rebind_add(ldc->rebind_pool, ldc->ldap, ldc->binddn, ldc->bindpw);
if (rc != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rc, r->server,
"LDAP: Unable to add rebind cross reference entry. Out of memory?");
@@ -306,7 +315,7 @@ static int uldap_connection_init(request
/* set client certificates */
if (!apr_is_empty_array(ldc->client_certs)) {
- ap_ldap_set_option(r->pool, ldc->ldap, AP_LDAP_OPT_TLS_CERT,
+ apr_ldap_set_option(r->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT,
ldc->client_certs, &(result));
if (LDAP_SUCCESS != result->rc) {
uldap_connection_unbind( ldc );
@@ -316,9 +325,9 @@ static int uldap_connection_init(request
}
/* switch on SSL/TLS */
- if (AP_LDAP_NONE != ldc->secure) {
- ap_ldap_set_option(r->pool, ldc->ldap,
- AP_LDAP_OPT_TLS, &ldc->secure, &(result));
+ if (APR_LDAP_NONE != ldc->secure) {
+ apr_ldap_set_option(r->pool, ldc->ldap,
+ APR_LDAP_OPT_TLS, &ldc->secure, &(result));
if (LDAP_SUCCESS != result->rc) {
uldap_connection_unbind( ldc );
ldc->reason = result->reason;
@@ -335,8 +344,8 @@ static int uldap_connection_init(request
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"LDAP: Setting referrals to %s.",
((ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) ? "On" : "Off"));
- ap_ldap_set_option(r->pool, ldc->ldap,
- AP_LDAP_OPT_REFERRALS,
+ apr_ldap_set_option(r->pool, ldc->ldap,
+ APR_LDAP_OPT_REFERRALS,
(void *)((ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) ?
LDAP_OPT_ON : LDAP_OPT_OFF),
&(result));
@@ -356,8 +365,8 @@ static int uldap_connection_init(request
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Setting referral hop limit to %d.",
ldc->ReferralHopLimit);
- ap_ldap_set_option(r->pool, ldc->ldap,
- AP_LDAP_OPT_REFHOPLIMIT,
+ apr_ldap_set_option(r->pool, ldc->ldap,
+ APR_LDAP_OPT_REFHOPLIMIT,
(void *)&ldc->ReferralHopLimit,
&(result));
if (result->rc != LDAP_SUCCESS) {
@@ -373,8 +382,31 @@ static int uldap_connection_init(request
}
}
- ap_ldap_set_option(r->pool, ldc->ldap, AP_LDAP_OPT_VERIFY_CERT,
+/*XXX All of the #ifdef's need to be removed once apr-util 1.2 is released */
+#ifdef APR_LDAP_OPT_VERIFY_CERT
+ apr_ldap_set_option(r->pool, ldc->ldap, APR_LDAP_OPT_VERIFY_CERT,
&(st->verify_svr_cert), &(result));
+#else
+#if defined(LDAPSSL_VERIFY_SERVER)
+ if (st->verify_svr_cert) {
+ result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_SERVER);
+ }
+ else {
+ result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_NONE);
+ }
+#elif defined(LDAP_OPT_X_TLS_REQUIRE_CERT)
+ /* This is not a per-connection setting so just pass NULL for the
+ Ldap connection handle */
+ if (st->verify_svr_cert) {
+ int i = LDAP_OPT_X_TLS_DEMAND;
+ result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
+ }
+ else {
+ int i = LDAP_OPT_X_TLS_NEVER;
+ result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
+ }
+#endif
+#endif
#ifdef LDAP_OPT_NETWORK_TIMEOUT
if (st->connectionTimeout > 0) {
@@ -382,7 +414,7 @@ static int uldap_connection_init(request
}
if (st->connectionTimeout >= 0) {
- rc = ap_ldap_set_option(r->pool, ldc->ldap, LDAP_OPT_NETWORK_TIMEOUT,
+ rc = apr_ldap_set_option(r->pool, ldc->ldap, LDAP_OPT_NETWORK_TIMEOUT,
(void *)&connectionTimeout, &(result));
if (APR_SUCCESS != rc) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
@@ -401,7 +433,7 @@ static int uldap_connection_init(request
* XXX: ldap_result() with a timeout.
*/
if (st->opTimeout) {
- rc = ap_ldap_set_option(r->pool, ldc->ldap, LDAP_OPT_TIMEOUT,
+ rc = apr_ldap_set_option(r->pool, ldc->ldap, LDAP_OPT_TIMEOUT,
st->opTimeout, &(result));
if (APR_SUCCESS != rc) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
@@ -556,7 +588,7 @@ static int compare_client_certs(apr_arra
apr_array_header_t *dests)
{
int i = 0;
- struct ap_ldap_opt_tls_cert_t *src, *dest;
+ struct apr_ldap_opt_tls_cert_t *src, *dest;
/* arrays both NULL? if so, then equal */
if (srcs == NULL && dests == NULL) {
@@ -569,8 +601,8 @@ static int compare_client_certs(apr_arra
}
/* run an actual comparison */
- src = (struct ap_ldap_opt_tls_cert_t *)srcs->elts;
- dest = (struct ap_ldap_opt_tls_cert_t *)dests->elts;
+ src = (struct apr_ldap_opt_tls_cert_t *)srcs->elts;
+ dest = (struct apr_ldap_opt_tls_cert_t *)dests->elts;
for (i = 0; i < srcs->nelts; i++) {
if ((strcmp(src[i].path, dest[i].path)) ||
(src[i].type != dest[i].type) ||
@@ -617,7 +649,7 @@ static util_ldap_connection_t *
apr_thread_mutex_lock(st->mutex);
#endif
- if (secure < AP_LDAP_NONE) {
+ if (secure < APR_LDAP_NONE) {
secureflag = st->secure;
}
@@ -731,7 +763,7 @@ static util_ldap_connection_t *
l->ReferralHopLimit = dc->ReferralHopLimit;
/* The security mode after parsing the URL will always be either
- * AP_LDAP_NONE (ldap://) or AP_LDAP_SSL (ldaps://).
+ * APR_LDAP_NONE (ldap://) or APR_LDAP_SSL (ldaps://).
* If the security setting is NONE, override it to the security
* setting optionally supplied by the admin using LDAPTrustedMode
*/
@@ -853,7 +885,7 @@ start_over:
/* search for reqdn */
result = ldap_search_ext_s(ldc->ldap, (char *)reqdn, LDAP_SCOPE_BASE,
"(objectclass=*)", NULL, 1,
- NULL, NULL, st->opTimeout, AP_LDAP_SIZELIMIT, &res);
+ NULL, NULL, st->opTimeout, APR_LDAP_SIZELIMIT, &res);
if (AP_LDAP_IS_SERVER_DOWN(result))
{
ldc->reason = "DN Comparison ldap_search_ext_s() "
@@ -1112,7 +1144,7 @@ start_over:
/* try to do the search */
result = ldap_search_ext_s(ldc->ldap, (char *)dn, LDAP_SCOPE_BASE,
(char *)"cn=*", subgroupAttrs, 0,
- NULL, NULL, NULL, AP_LDAP_SIZELIMIT, &sga_res);
+ NULL, NULL, NULL, APR_LDAP_SIZELIMIT, &sga_res);
if (AP_LDAP_IS_SERVER_DOWN(result)) {
ldc->reason = "ldap_search_ext_s() for subgroups failed with server"
" down";
@@ -1583,7 +1615,7 @@ start_over:
result = ldap_search_ext_s(ldc->ldap,
(char *)basedn, scope,
(char *)filter, attrs, 0,
- NULL, NULL, st->opTimeout, AP_LDAP_SIZELIMIT, &res);
+ NULL, NULL, st->opTimeout, APR_LDAP_SIZELIMIT, &res);
if (AP_LDAP_IS_SERVER_DOWN(result))
{
ldc->reason = "ldap_search_ext_s() for user failed with server down";
@@ -1834,7 +1866,7 @@ start_over:
result = ldap_search_ext_s(ldc->ldap,
(char *)basedn, scope,
(char *)filter, attrs, 0,
- NULL, NULL, st->opTimeout, AP_LDAP_SIZELIMIT, &res);
+ NULL, NULL, st->opTimeout, APR_LDAP_SIZELIMIT, &res);
if (AP_LDAP_IS_SERVER_DOWN(result))
{
ldc->reason = "ldap_search_ext_s() for user failed with server down";
@@ -2104,72 +2136,72 @@ static const char *util_ldap_set_opcache
* CA_DER, CA_BASE64, CA_CERT7_DB, CA_SECMOD, CERT_DER, CERT_BASE64,
* CERT_KEY3_DB, CERT_NICKNAME, KEY_DER, KEY_BASE64
*
- * If no matches are found, AP_LDAP_CA_TYPE_UNKNOWN is returned.
+ * If no matches are found, APR_LDAP_CA_TYPE_UNKNOWN is returned.
*/
static int util_ldap_parse_cert_type(const char *type)
{
/* Authority file in binary DER format */
if (0 == strcasecmp("CA_DER", type)) {
- return AP_LDAP_CA_TYPE_DER;
+ return APR_LDAP_CA_TYPE_DER;
}
/* Authority file in Base64 format */
else if (0 == strcasecmp("CA_BASE64", type)) {
- return AP_LDAP_CA_TYPE_BASE64;
+ return APR_LDAP_CA_TYPE_BASE64;
}
/* Netscape certificate database file/directory */
else if (0 == strcasecmp("CA_CERT7_DB", type)) {
- return AP_LDAP_CA_TYPE_CERT7_DB;
+ return APR_LDAP_CA_TYPE_CERT7_DB;
}
/* Netscape secmod file/directory */
else if (0 == strcasecmp("CA_SECMOD", type)) {
- return AP_LDAP_CA_TYPE_SECMOD;
+ return APR_LDAP_CA_TYPE_SECMOD;
}
/* Client cert file in DER format */
else if (0 == strcasecmp("CERT_DER", type)) {
- return AP_LDAP_CERT_TYPE_DER;
+ return APR_LDAP_CERT_TYPE_DER;
}
/* Client cert file in Base64 format */
else if (0 == strcasecmp("CERT_BASE64", type)) {
- return AP_LDAP_CERT_TYPE_BASE64;
+ return APR_LDAP_CERT_TYPE_BASE64;
}
/* Client cert file in PKCS#12 format */
else if (0 == strcasecmp("CERT_PFX", type)) {
- return AP_LDAP_CERT_TYPE_PFX;
+ return APR_LDAP_CERT_TYPE_PFX;
}
/* Netscape client cert database file/directory */
else if (0 == strcasecmp("CERT_KEY3_DB", type)) {
- return AP_LDAP_CERT_TYPE_KEY3_DB;
+ return APR_LDAP_CERT_TYPE_KEY3_DB;
}
/* Netscape client cert nickname */
else if (0 == strcasecmp("CERT_NICKNAME", type)) {
- return AP_LDAP_CERT_TYPE_NICKNAME;
+ return APR_LDAP_CERT_TYPE_NICKNAME;
}
/* Client cert key file in DER format */
else if (0 == strcasecmp("KEY_DER", type)) {
- return AP_LDAP_KEY_TYPE_DER;
+ return APR_LDAP_KEY_TYPE_DER;
}
/* Client cert key file in Base64 format */
else if (0 == strcasecmp("KEY_BASE64", type)) {
- return AP_LDAP_KEY_TYPE_BASE64;
+ return APR_LDAP_KEY_TYPE_BASE64;
}
/* Client cert key file in PKCS#12 format */
else if (0 == strcasecmp("KEY_PFX", type)) {
- return AP_LDAP_KEY_TYPE_PFX;
+ return APR_LDAP_KEY_TYPE_PFX;
}
else {
- return AP_LDAP_CA_TYPE_UNKNOWN;
+ return APR_LDAP_CA_TYPE_UNKNOWN;
}
}
@@ -2198,7 +2230,7 @@ static const char *util_ldap_set_trusted
apr_finfo_t finfo;
apr_status_t rv;
int cert_type = 0;
- ap_ldap_opt_tls_cert_t *cert;
+ apr_ldap_opt_tls_cert_t *cert;
if (err != NULL) {
return err;
@@ -2207,7 +2239,7 @@ static const char *util_ldap_set_trusted
/* handle the certificate type */
if (type) {
cert_type = util_ldap_parse_cert_type(type);
- if (AP_LDAP_CA_TYPE_UNKNOWN == cert_type) {
+ if (APR_LDAP_CA_TYPE_UNKNOWN == cert_type) {
return apr_psprintf(cmd->pool, "The certificate type %s is "
"not recognised. It should be one "
"of CA_DER, CA_BASE64, CA_CERT7_DB, "
@@ -2225,14 +2257,14 @@ static const char *util_ldap_set_trusted
file, type);
/* add the certificate to the global array */
- cert = (ap_ldap_opt_tls_cert_t *)apr_array_push(st->global_certs);
+ cert = (apr_ldap_opt_tls_cert_t *)apr_array_push(st->global_certs);
cert->type = cert_type;
cert->path = file;
cert->password = password;
/* if file is a file or path, fix the path */
- if (cert_type != AP_LDAP_CA_TYPE_UNKNOWN &&
- cert_type != AP_LDAP_CERT_TYPE_NICKNAME) {
+ if (cert_type != APR_LDAP_CA_TYPE_UNKNOWN &&
+ cert_type != APR_LDAP_CERT_TYPE_NICKNAME) {
cert->path = ap_server_root_relative(cmd->pool, file);
if (cert->path &&
@@ -2269,12 +2301,12 @@ static const char *util_ldap_set_trusted
apr_finfo_t finfo;
apr_status_t rv;
int cert_type = 0;
- ap_ldap_opt_tls_cert_t *cert;
+ apr_ldap_opt_tls_cert_t *cert;
/* handle the certificate type */
if (type) {
cert_type = util_ldap_parse_cert_type(type);
- if (AP_LDAP_CA_TYPE_UNKNOWN == cert_type) {
+ if (APR_LDAP_CA_TYPE_UNKNOWN == cert_type) {
return apr_psprintf(cmd->pool, "The certificate type \"%s\" is "
"not recognised. It should be one "
"of CA_DER, CA_BASE64, "
@@ -2283,10 +2315,10 @@ static const char *util_ldap_set_trusted
"KEY_DER, KEY_BASE64, KEY_PFX",
type);
}
- else if ( AP_LDAP_CA_TYPE_CERT7_DB == cert_type ||
- AP_LDAP_CA_TYPE_SECMOD == cert_type ||
- AP_LDAP_CERT_TYPE_PFX == cert_type ||
- AP_LDAP_CERT_TYPE_KEY3_DB == cert_type) {
+ else if ( APR_LDAP_CA_TYPE_CERT7_DB == cert_type ||
+ APR_LDAP_CA_TYPE_SECMOD == cert_type ||
+ APR_LDAP_CERT_TYPE_PFX == cert_type ||
+ APR_LDAP_CERT_TYPE_KEY3_DB == cert_type) {
return apr_psprintf(cmd->pool, "The certificate type \"%s\" is "
"only valid within a "
"LDAPTrustedGlobalCert directive. "
@@ -2305,14 +2337,14 @@ static const char *util_ldap_set_trusted
file, type);
/* add the certificate to the client array */
- cert = (ap_ldap_opt_tls_cert_t *)apr_array_push(dc->client_certs);
+ cert = (apr_ldap_opt_tls_cert_t *)apr_array_push(dc->client_certs);
cert->type = cert_type;
cert->path = file;
cert->password = password;
/* if file is a file or path, fix the path */
- if (cert_type != AP_LDAP_CA_TYPE_UNKNOWN &&
- cert_type != AP_LDAP_CERT_TYPE_NICKNAME) {
+ if (cert_type != APR_LDAP_CA_TYPE_UNKNOWN &&
+ cert_type != APR_LDAP_CERT_TYPE_NICKNAME) {
cert->path = ap_server_root_relative(cmd->pool, file);
if (cert->path &&
@@ -2352,14 +2384,14 @@ static const char *util_ldap_set_trusted
mode);
if (0 == strcasecmp("NONE", mode)) {
- st->secure = AP_LDAP_NONE;
+ st->secure = APR_LDAP_NONE;
}
else if (0 == strcasecmp("SSL", mode)) {
- st->secure = AP_LDAP_SSL;
+ st->secure = APR_LDAP_SSL;
}
else if ( (0 == strcasecmp("TLS", mode))
|| (0 == strcasecmp("STARTTLS", mode))) {
- st->secure = AP_LDAP_STARTTLS;
+ st->secure = APR_LDAP_STARTTLS;
}
else {
return "Invalid LDAPTrustedMode setting: must be one of NONE, "
@@ -2485,7 +2517,7 @@ static void *util_ldap_create_dir_config
(util_ldap_config_t *) apr_pcalloc(p,sizeof(util_ldap_config_t));
/* defaults are AP_LDAP_CHASEREFERRALS_ON and AP_LDAP_DEFAULT_HOPLIMIT */
- dc->client_certs = apr_array_make(p, 10, sizeof(ap_ldap_opt_tls_cert_t));
+ dc->client_certs = apr_array_make(p, 10, sizeof(apr_ldap_opt_tls_cert_t));
dc->ChaseReferrals = AP_LDAP_CHASEREFERRALS_ON;
dc->ReferralHopLimit = AP_LDAP_HOPLIMIT_UNSET;
@@ -2584,8 +2616,8 @@ static void *util_ldap_create_config(apr
st->compare_cache_size = 1024;
st->connections = NULL;
st->ssl_supported = 0;
- st->global_certs = apr_array_make(p, 10, sizeof(ap_ldap_opt_tls_cert_t));
- st->secure = AP_LDAP_NONE;
+ st->global_certs = apr_array_make(p, 10, sizeof(apr_ldap_opt_tls_cert_t));
+ st->secure = APR_LDAP_NONE;
st->secure_set = 0;
st->connectionTimeout = 10;
st->opTimeout = apr_pcalloc(p, sizeof(struct timeval));
@@ -2657,7 +2689,7 @@ static apr_status_t util_ldap_cleanup_mo
s->module_config, &ldap_module);
if (st->ssl_supported) {
- ap_ldap_ssl_deinit();
+ apr_ldap_ssl_deinit();
}
return APR_SUCCESS;
@@ -2689,7 +2721,7 @@ static int util_ldap_post_config(apr_poo
ap_get_module_config(s->module_config,
&ldap_module);
- ap_ldap_err_t *result_err = NULL;
+ apr_ldap_err_t *result_err = NULL;
int rc;
/* util_ldap_post_config() will be called twice. Don't bother
@@ -2762,8 +2794,8 @@ static int util_ldap_post_config(apr_poo
/* log the LDAP SDK used
*/
{
- ap_ldap_err_t *result = NULL;
- ap_ldap_info(p, &(result));
+ apr_ldap_err_t *result = NULL;
+ apr_ldap_info(p, &(result));
if (result != NULL) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "%s", result->reason);
}
@@ -2778,12 +2810,12 @@ static int util_ldap_post_config(apr_poo
* If SSL is not supported it is not necessarily an error, as the
* application may not want to use it.
*/
- rc = ap_ldap_ssl_init(p,
+ rc = apr_ldap_ssl_init(p,
NULL,
0,
&(result_err));
if (APR_SUCCESS == rc) {
- rc = ap_ldap_set_option(ptemp, NULL, AP_LDAP_OPT_TLS_CERT,
+ rc = apr_ldap_set_option(ptemp, NULL, APR_LDAP_OPT_TLS_CERT,
(void *)st->global_certs, &(result_err));
}
@@ -2801,7 +2833,7 @@ static int util_ldap_post_config(apr_poo
}
/* Initialize the rebind callback's cross reference list. */
- ap_ldap_rebind_init (p);
+ apr_ldap_rebind_init (p);
#ifdef AP_LDAP_OPT_DEBUG
if (st->debug_level > 0) {
Modified: httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache.c?rev=1150172&r1=1150171&r2=1150172&view=diff
==============================================================================
--- httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache.c (original)
+++ httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache.c Sat Jul 23 17:29:42 2011
@@ -27,7 +27,7 @@
#include "util_ldap_cache.h"
#include <apr_strings.h>
-#if AP_HAS_LDAP
+#if APR_HAS_LDAP
/* ------------------------------------------------------------------ */
@@ -461,4 +461,4 @@ apr_status_t util_ldap_cache_init(apr_po
}
-#endif /* AP_HAS_LDAP */
+#endif /* APR_HAS_LDAP */
Modified: httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache.h?rev=1150172&r1=1150171&r2=1150172&view=diff
==============================================================================
--- httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache.h (original)
+++ httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache.h Sat Jul 23 17:29:42 2011
@@ -14,8 +14,8 @@
* limitations under the License.
*/
-#ifndef AP_LDAP_CACHE_H
-#define AP_LDAP_CACHE_H
+#ifndef APU_LDAP_CACHE_H
+#define APU_LDAP_CACHE_H
/**
* @file util_ldap_cache.h
@@ -23,7 +23,7 @@
*/
/* this whole thing disappears if LDAP is not enabled */
-#if AP_HAS_LDAP
+#if APR_HAS_LDAP
/*
@@ -200,5 +200,5 @@ void *util_ald_cache_insert(util_ald_cac
void util_ald_cache_remove(util_ald_cache_t *cache, void *payload);
char *util_ald_cache_display_stats(request_rec *r, util_ald_cache_t *cache, char *name, char *id);
-#endif /* AP_HAS_LDAP */
-#endif /* AP_LDAP_CACHE_H */
+#endif /* APR_HAS_LDAP */
+#endif /* APU_LDAP_CACHE_H */
Modified: httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache_mgr.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache_mgr.c?rev=1150172&r1=1150171&r2=1150172&view=diff
==============================================================================
--- httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache_mgr.c (original)
+++ httpd/httpd/branches/revert-ap-ldap/modules/ldap/util_ldap_cache_mgr.c Sat Jul 23 17:29:42 2011
@@ -29,7 +29,7 @@
APLOG_USE_MODULE(ldap);
-#if AP_HAS_LDAP
+#if APR_HAS_LDAP
/* only here until strdup is gone */
#include <string.h>
@@ -877,4 +877,4 @@ char *util_ald_cache_display(request_rec
return buf;
}
-#endif /* AP_HAS_LDAP */
+#endif /* APR_HAS_LDAP */